package com.zcw.demospringsecurity.demo6;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Component;
@Component
public class MyAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void additionalAuthenticationChecks(UserDetails userDetails,
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken)
throws AuthenticationException{
if(usernamePasswordAuthenticationToken.getCredentials() ==null){
throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials",
"密码不能为空"));
}else{
String presentedPassword = usernamePasswordAuthenticationToken.getCredentials().toString();
if (!presentedPassword.equals(userDetails.getPassword())){
throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials",
"密码错误"));
}
}
}
@Override
protected UserDetails retrieveUser(String s,UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken)
throws AuthenticationException{
return userDetailsService.loadUserByUsername(s);
}
}
